Changes

Using Wireshark tool with a WiFi card in monitor mode allow you to see the data used to scan for other 3DS in the range. The below is a broadcast probe request from an 3DS while in standby mode, with SSID "Nintendo_3DS_continuous_scan_000". When in "active" mode, 3DS sends probe requests with arbitrary random SSID strings, like "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j". This frame also contains a custom Nintendo tag, it seems to contain unknown console unique data, since the contents of this tag from different 3ds captures don't match. Probe responses contain the same Nintendo tag data as the probe requests from the same 3DS. The MAC address used in sleepmode seems to change every time there's a streetpass hit, as well as the last 8-bytes of the Nintendo tag data?

Using Wireshark tool with a WiFi card in monitor mode allow you to see the data used to scan for other 3DS in the range. The below is a broadcast probe request from an 3DS while in standby mode, with SSID "Nintendo_3DS_continuous_scan_000". When in "active" mode, 3DS sends probe requests with arbitrary random SSID strings, like "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j". This frame also contains a custom Nintendo tag, it seems to contain unknown console unique data, since the contents of this tag from different 3ds captures don't match. Probe responses contain the same Nintendo tag data as the probe requests from the same 3DS. The MAC address used in sleepmode seems to change every time there's a streetpass hit, as well as the last 8-bytes of the Nintendo tag data?

When there's a StreetPass hit, and no StreetPass data changed on either of the 3DSes, no data is transferred besides probes? Perhaps there's some ID in the Nintendo tag that gets updated every-time the 3DS' StreetPass data changes?

When there's a StreetPass hit, and no StreetPass data changed on either of the 3DSes, no data is transferred besides probes? Perhaps there's some ID in the Nintendo tag that gets updated every-time the 3DS' StreetPass data changes? After turning off power, then powering on and entering sleepmode, the MAC doesn't change from prior to power off but the last 8-bytes of the Nintendo tag changes.

Whether to do a StreetPass hit is probably determined based on if the other 3DS MAC+8byte Nintendo tag data pair was ever seen before, or how long that 3DS was in range constantly/out of range. 3DSes that are constantly in range of each other in sleepmode, usually do StreetPass every <12 hours?

When in standby mode, old DS wifi is used,(this includes SpotPass and StreetPass) but in "active" mode the regular DSi wifi bus is used.

When in standby mode, old DS wifi is used,(this includes SpotPass and StreetPass) but in "active" mode the regular DSi wifi bus is used.

   0060  30 48 60 6c dd 15 00 1f 32 01 11 05 00 02 08 00  0H`l....2.......

   0060  30 48 60 6c dd 15 00 1f 32 01 11 05 00 02 08 00  0H`l....2.......

   0070  00 f0 08 c8 34 6e 05 0f c9 c6 80 5b 6f bc 5a    ....4n.....[o.Z

   0070  00 f0 08 c8 34 6e 05 0f c9 c6 80 5b 6f bc 5a    ....4n.....[o.Z

A streetpass "AP" was spoofed on a laptop with hostapd by setting the SSID to "Nintendo_3DS_continuous_scan_000", with the extra Nintendo tag from another 3DS' probe request. The SSID and AP can't be easily spoofed with hostapd for streetpass when 3DS is "active", for the random "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j" strings. The 3DS didn't seem to authenticate or associate with the "AP". Streetpass "AP" comms use '''WPA2''' encryption. Eventually the 3DS stops communicating with the fake "AP" since the AP doesn't understand the sent data,(especially since it's encrypted) and sends a 802.11 "Action" frame, with category ID 0x7f and Nintendo's vendor ID: 00 1f 32.(However the 3DS keeps communicating with the above process repeatedly)

A streetpass "AP" was spoofed on a laptop with hostapd by setting the SSID to "Nintendo_3DS_continuous_scan_000", with the extra Nintendo tag from another 3DS' probe request. The SSID and AP can't be easily spoofed with hostapd for streetpass when 3DS is "active", for the random "ic[kSvm9s@*cYD>/~IEVj\(fGG;qDo8j" strings. The 3DS didn't seem to authenticate or associate with the "AP". Streetpass "AP" comms use '''WPA2''' encryption. Eventually the 3DS stops communicating with the fake "AP" since the AP doesn't understand the sent data,(especially since it's encrypted) and sends a 802.11 "Action" frame, with category ID 0x7f and Nintendo's vendor ID: 00 1f 32.(However the 3DS keeps communicating with the above process repeatedly)